[Owasp-ireland] Instagram iOS session hijack

Fabio Cerullo fcerullo at owasp.org
Tue Jul 29 17:56:14 UTC 2014


And here we go again... Instagram makes API calls to non-HTTPS endpoints
with session cookies in the request headers allowing full session hijack by
a malicious actor. Full details below:

https://gist.github.com/stevegraham/9a98627eebd6b09d4483

Fabio
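
A defender-side check for the issue reported above, as an added example that is not part of the original message or the linked gist: it audits proxy-capture records for session cookies sent over `http://` and for `Set-Cookie` headers issued without the `Secure` attribute. The record layout, host names and the `sessionid` cookie name are assumptions made for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed proxy-capture records; hosts and cookie names are placeholders,
# not values taken from the advisory.
SAMPLE_CAPTURE = [
    {"url": "http://api.example.test/v1/feed",
     "request": {"Cookie": "sessionid=abc123; lang=en"},
     "set_cookie": []},
    {"url": "https://api.example.test/v1/login",
     "request": {},
     "set_cookie": ["sessionid=abc123; Path=/; HttpOnly"]},
    {"url": "https://api.example.test/v1/refresh",
     "request": {"cookie": "sessionid=abc123"},
     "set_cookie": ["sessionid=def456; Path=/; HttpOnly; Secure"]},
    {"url": "http://cdn.example.test/img/1.jpg",
     "request": {"Cookie": "lang=en"},
     "set_cookie": []},
]

# Assumption: names of the cookies that carry session state in the app under test.
SESSION_COOKIES = {"sessionid"}

def audit_capture(records, session_cookies=SESSION_COOKIES):
    """Flag session cookies sent over http:// or issued without Secure."""
    findings = []
    for rec in records:
        scheme = urlsplit(rec["url"]).scheme.lower()
        # Header names are case-insensitive, so normalise before lookup.
        headers = {k.lower(): v for k, v in rec["request"].items()}
        sent = SimpleCookie()
        sent.load(headers.get("cookie", ""))
        for name in sent:
            if scheme == "http" and name in session_cookies:
                findings.append((rec["url"], name, "sent-in-cleartext"))
        for raw in rec["set_cookie"]:
            issued = SimpleCookie()
            issued.load(raw)
            for name, morsel in issued.items():
                # Without Secure the client may attach the cookie to http:// requests.
                if name in session_cookies and not morsel["secure"]:
                    findings.append((rec["url"], name, "missing-secure-flag"))
    return findings

if __name__ == "__main__":
    for url, cookie, issue in audit_capture(SAMPLE_CAPTURE):
        print(f"{issue:20} {cookie:10} {url}")
```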